Communication terminal, communication system, and image processing method

ABSTRACT

A communication terminal, communicably connected with a service providing server, includes circuitry to receive a request for providing a service requested by a user, the service being one of one or more services provided by the service providing server; and perform a series of image processing on image data obtained at the communication terminal to implement the requested service in cooperation with the service providing server. In performing the series of image processing, the circuitry of the communication terminal executes a first program to perform first image processing on the image data, the first program requiring no authentication of the user in performing the first image processing, and executes a second program to perform second image processing on the image data, based on a determination that the user requesting the service is authorized to perform the second image processing.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is based on and claims priority pursuant to 35 U.S.C. § 119(a) to Japanese Patent Application Nos. 2017-174252, filed on Sep. 11, 2017, and 2018-166748, filed on Sep. 6, 2018, in the Japan Patent Office, the entire disclosure of which is hereby incorporated by reference herein.

BACKGROUND Technical Field

The present disclosure relates to a communication terminal, a communication system, an image processing method, and a recording medium.

Description of the Related Art

Recently, Internet of Things (IoT) attracts attention, such as communication systems utilizing edge computing. In such communication system, a terminal acquires image data, and transmits the image data to a server via the Internet to request for processing to analyze the image data. For example, a cloud service platform is known, which performs processing to recognize a human face at a server. Specifically, a camera is provided at the image acquisition terminal (edge node). The image acquisition terminal transmits image data captured at the camera to the centralized server (a face recognition application server), to request for performing processing to recognize a human face in the captured image.

SUMMARY

Example embodiments of the present invention include a communication terminal communicably connected with a service providing server, the communication terminal including: circuitry to: receive a request for providing a service requested by a user, the service being one of one or more services provided by the service providing server; and perform a series of image processing on image data obtained at the communication terminal to implement the requested service in cooperation with the service providing server. In performing the series of image processing, the circuitry of the communication terminal executes a first program to perform first image processing on the image data, the first program requiring no authentication of the user in performing the first image processing, and executes a second program to perform second image processing on the image data, based on a determination that the user requesting the service is authorized to perform the second image processing.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

A more complete appreciation of the disclosure and many of the attendant advantages and features thereof can be readily obtained and understood from the following detailed description with reference to the accompanying drawings, wherein:

FIG. 1 is a schematic diagram illustrating a communication system according to an embodiment;

FIG. 2 is a schematic diagram illustrating a hardware configuration of a real-time data processing terminal, according to an embodiment;

FIGS. 3A and 3B (FIG. 3) are schematic diagrams each illustrating an example of a hardware configuration of an imaging unit, according to an embodiment;

FIG. 4A is a view illustrating a hemispherical image (front side) captured by the imaging unit of FIG. 3B;

FIG. 4B is a view illustrating a hemispherical image (back side) captured by the imaging unit of FIG. 3B;

FIG. 4C is a view illustrating an image in equirectangular projection, generated by the imaging unit of FIG. 3B;

FIG. 5 is a schematic diagram illustrating a hardware configuration of each one of a terminal data processing device and a distributed data processing terminal, according to the embodiment;

FIG. 6 is a schematic diagram illustrating a hardware configuration of any one of centralized data processing server, service providing server, and authentication server, according to the embodiment;

FIG. 7 is a schematic diagram illustrating a software configuration of the real-time data processing terminal and the terminal data processing device, according to the embodiment;

FIG. 8 is a schematic block diagram illustrating a functional configuration of the communication system of FIG. 1, specifically, the image acquisition terminal, according to the embodiment;

FIG. 9 is a schematic diagram illustrating a functional configuration of the communication system of FIG. 1, specifically, the service providing server, authentication server, distributed data processing terminal, and centralized data processing server, according to the embodiment;

FIG. 10A is a conceptual diagram illustrating an example of image element data management table;

FIG. 10B is a conceptual diagram illustrating an example of cycle value management table;

FIG. 11A is a conceptual diagram illustrating an example of image acquisition program management table;

FIG. 11B is a conceptual diagram illustrating an example of image composition program management table;

FIG. 11C is a conceptual diagram illustrating an example of distortion correction program management table;

FIG. 11D is a conceptual diagram illustrating an example of service program management table;

FIG. 12 is a conceptual diagram illustrating an example of verification data management table;

FIG. 13 is a conceptual diagram illustrating an example of session management table;

FIGS. 14A, 14B, and 14C are each a conceptual diagram illustrating an example of terminal identifier;

FIG. 15 is a conceptual diagram illustrating an example of authentication server management table;

FIGS. 16A, 16B, and 16C are each a conceptual diagram illustrating an example of authentication management table;

FIG. 17 is a sequence diagram illustrating authentication processing, performed by the communication system of FIG. 1, according to an embodiment;

FIG. 18 is a sequence diagram illustrating authentication processing, performed by the communication system of FIG. 1 after processing of FIG. 17, according to the embodiment;

FIG. 19 is an example authentication server selection screen to be displayed at the distributed data processing terminal;

FIG. 20 is an example service providing screen to be displayed at the distributed data processing terminal;

FIG. 21 is a sequence diagram illustrating operation of processing an image recognition start request, performed by the communication system 1, according to an embodiment.

FIG. 22 is a sequence diagram illustrating operation of preparing for real-time processing to be performed by the real-time data processing terminal, according to an embodiment;

FIG. 23 is a sequence diagram illustrating operation of acquiring a program, performed by the communication system, according to an embodiment;

FIG. 24 is a sequence diagram illustrating an example of image recognition processing, performed by the communication system 1, according to the embodiment.

FIG. 25 is a flowchart illustrating an example of object detection processing, performed in the real-time processing;

FIG. 26 is a flowchart illustrating an example of event generation processing, performed in the real-time processing;

FIGS. 27A and 27B are each an illustration of an example captured image, displayed at the distributed data processing terminal;

FIG. 28 is a sequence diagram illustrating processing of verifying data to be verified, according to the embodiment;

FIG. 29A is an illustration of an example file selection screen for selecting verification data, displayed at the distributed data processing terminal, according to the embodiment;

FIG. 29B is an illustration of an example registration screen for registering verification data, displayed at the distributed data processing terminal, according to the embodiment;

FIG. 30 is an illustration of an example screen with a verification result message, displayed at the distributed data processing terminal;

FIG. 31 is a diagram illustrating an example layout of a certain room in which the image acquisition terminal is provided;

FIG. 32 is a flowchart illustrating a modified example of the event generation processing, in the real-time processing; and

FIG. 33 is a sequence diagram illustrating a modified example of verifying the data to be verified, according to the embodiment.

The accompanying drawings are intended to depict embodiments of the present invention and should not be interpreted to limit the scope thereof. The accompanying drawings are not to be considered as drawn to scale unless explicitly noted.

DETAILED DESCRIPTION

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the present invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise.

In describing embodiments illustrated in the drawings, specific terminology is employed for the sake of clarity. However, the disclosure of this specification is not intended to be limited to the specific terminology so selected and it is to be understood that each specific element includes all technical equivalents that have a similar function, operate in a similar manner, and achieve a similar result.

Overview

Referring to the drawings, one or more embodiments of the present invention are described. The following describes a communication system for edge computing. As described below, the image acquisition terminal 2 and the service providing server 8 operate in cooperation with each other to provide various types of services. Specifically, the image acquisition terminal 2, as an edge device, performs operation according to various types of services provided by the service providing server 8.

<<System Configuration>>

FIG. 1 is a schematic diagram illustrating a configuration of a communication system 1 according to an embodiment. As illustrated in FIG. 1, the communication system 1 of this embodiment includes a real-time data processing terminal 3, a terminal data processing device 5, a distributed data processing terminal 6, the centralized data processing server 7, a service providing server 8, and a plurality of authentication servers 9 a, 9 b, and 9 c. The real-time data processing terminal 3, the terminal data processing device 5, and the distributed data processing terminal 6 together operate as a distributed processing system 100.

The terminal data processing device 5 is communicably connected to the distributed data processing terminal 6 via the intranet 200. The distributed data processing terminal 6 is communicably connected to the centralized data processing server 7, the service providing server 8, and the authentication servers 9 a, 9 b, and 9 c via the Internet 600. In this disclosure, the authentication servers 9 a, 9 b, and 9 c are collectively referred to as the authentication server 9.

The real-time data processing terminal 3 is a terminal that captures images in real-time to obtain real-time captured image data. This processing to capture images in real-time may be referred to as real-time processing. The real-time data processing terminal 3 is detachably connected to an imaging unit 40 provided with an image sensor that captures an image of a target, such as a Complementary Metal Oxide Semiconductor (CMOS) sensor or a Charge Coupled Device (CCD) sensor. The real-time data processing terminal 3 digitizes the captured image, which is input from the imaging unit 40, into captured image data, and detects a specific object (here, an image of a human face) in the captured image in real-time (for example, every 1/60 seconds). The real-time data processing terminal 3 transmits, to the terminal data processing device 5, data of a partial image of the captured image having the detected object (“partial image data”). While a human face is a target for detection in this disclosure, any other part of a human body may be detected to generate a captured image, such as a human head, an upper body or a lower body of the human, a part of the human face such as eyes, etc. In alternative to or in addition to the human, any object such as an automobile or an animal may be subjected to detection. When an automobile is a target for detection, a driver or a passenger in the automobile, or a license plate attached to the automobile, may be detected. When an animal is a target for detection, a face, or a pattern of its body may be detected.

The terminal data processing device 5, which is located closely to the real-time data processing terminal 3, is connected to the real-time data processing terminal 3 in a one-to-one correspondence, for example, by a data bus, a Universal Serial Bus (USB), or the like. The terminal data processing device 5 encodes the partial image data received from the real-time data processing terminal 3 into encoded partial image data in a general-purpose format such as Joint Photographic Experts Group (JPEG). The terminal data processing device 5 further transmits the encoded partial image data to the distributed data processing terminal 6 via the intranet 200, as data to be verified in processing of facial image verification. The real-time data processing terminal 3 and the terminal data processing device 5 are connected with each other so as to together function as the image acquisition terminal 2. While only one image acquisition terminal 2 is shown in this figure, any number of image acquisition terminals 2 may be provided in the system.

The distributed data processing terminal 6 is a computer that accepts various operations from a user, and is disposed at a location relatively close to the terminal data processing device 5, compared to a location of the centralized data processing server 7 with respect to the distributed data processing terminal 6. The distributed data processing terminal 6 previously registers verification data for facial image verification. The distributed data processing terminal 6 transmits a request, via the Internet 600, for requesting the centralized data processing server 7 to verify the data to be verified, using the verification data. In such case, the distributed data processing terminal 6 also transmits, to the centralized data processing server 7, the data to be verified that is received from the terminal data processing device 5 and the pre-registered verification data. In response, the distributed data processing terminal 6 receives, from the centralized data processing server 7, verification result information indicating the verification result. Further, the distributed data processing terminal 6 displays the received verification result via a graphical interface.

The centralized data processing server 7 is disposed at a location relatively far from the terminal data processing device 5, compared to a location of the terminal data processing device 5 to the distributed data processing terminal 6. The centralized data processing server 7 communicates with the distributed data processing terminal 6 via a communication network such as the Internet 600. In response to reception of the verification request, the verification data, and the data to be verified, the centralized data processing server 7 compares between the verification data and the data to be verified to calculate the degree of similarity. The centralized data processing server 7 transmits verification result information indicating the verification result that includes the calculated similarity to the distributed data processing terminal 6. The verification result information includes, for example, a device identifier (ID) of the distributed data processing terminal 6 that has transmitted the verification request, a device ID of the image acquisition terminal 2 that has transmitted the data to be verified, the calculated similarity, the calculated date and time, a target for verification such as a name of a person being verified or a number being verified.

The service providing server 8 provides the image acquisition terminal 2 with various services.

The authentication server 9 authenticates the image acquisition terminal 2, to determine whether or not the image acquisition terminal 2 has authorized authority to receive various services from the service providing server 8. As described below, authentication of the image acquisition terminal 2 is performed using an ID of the distributed data processing terminal 6 managing the image acquisition terminal 2.

<<Hardware Configuration>>

Referring now to FIGS. 2 to 6, a hardware configuration of the communication system 1 is described according to the embodiment.

<Hardware Configuration of Real-Time Data Processing Terminal>

FIG. 2 is a schematic diagram illustrating a hardware configuration of the real-time data processing terminal 3, according to the embodiment. The real-time data processing terminal 3 includes a CPU 301, a ROM 302, a RAM 303, an EEPROM 304, a CMOS sensor (CMOS) 305, an acceleration and orientation sensor 306, a medium I/F 308, and a GPS receiver 309.

The CPU 301 controls entire operation of the real-time data processing terminal 3. The ROM 302 stores a control program for operating the CPU 301. The RAM 303 is used as a work area for the CPU 301. The EEPROM 304 reads or writes various data such as a control program for the real-time data processing terminal 3 under control of the CPU 301. Under control of the CPU 301, the CMOS sensor 305 captures an image of a target (mainly a blind spot of the imaging unit 40) to obtain captured image data. The acceleration and orientation sensor 306 includes various sensors such as an electromagnetic compass for detecting geomagnetism, a gyrocompass, and an acceleration sensor. The medium I/F 308 controls reading or writing of data with respect to a recording medium 307 such as a flash memory. The GPS receiver 309 receives a GPS signal from a GPS satellite.

The real-time data processing terminal 3 further includes an imaging unit I/F 313, a microphone 314, a speaker 315, an audio input/output I/F 316, a display 317, an external device connection I/F 318, and a touch panel 321.

The imaging unit I/F 313 is a circuit that controls driving of the imaging unit 40 when an external imaging unit 40 is connected to the real-time data processing terminal 3. The microphone 314 is an example of built-in audio collecting device capable of inputting audio under control of the CPU 301. The audio I/O I/F 316 is a circuit for inputting or outputting an audio signal to the microphone 314 or from the speaker 315 under control of the CPU 301. The display 317 may be a liquid crystal or organic electro luminescence (EL) display that displays an image of a target, an operation icon, or the like. The external device connection I/F 318 is an interface circuit that connects the real-time data processing terminal 3 to various external devices. The touch panel 321 is an example of input device that enables the user to input a user instruction to the real-time data processing terminal 3 through touching a screen of the display 317.

The real-time data processing terminal 3 further includes a bus line 310. The bus line 310 is an address bus or a data bus, which electrically connects the elements in FIG. 2 such as the CPU 301.

<Hardware Configuration of Imaging Unit>

FIGS. 3A and 3B are each a schematic block diagram illustrating a hardware configuration of the imaging unit 40, according to the embodiment. Specifically, FIG. 3A illustrates a hardware configuration of a monocular imaging unit 40 a, as an example of the imaging unit 40. FIG. 3B illustrates a hardware configuration of a compound eye imaging unit 40 b, as an example of the imaging unit 40. The imaging unit 40 is a generic term for a plurality of types of imaging units (imaging unit 40 a, 40 b, etc.) having different number of imaging elements or having different types of imaging elements. As described below, example types of imaging elements include, but not limited to, standard zoom lens, fish-eye lens, wide-angle lens, which may be determined according to a specific application of the imaging unit 40.

As illustrated in FIG. 3A, the imaging unit 40 a includes an imaging element 401 a such as a CMOS or a CCD, a lens 402 a, and a connection I/F 408 a to be electronically connected to the imaging unit I/F 313 of the real-time data processing terminal 3. The lenses 402 a is, for example, a standard lens, wide-angle lens, or fish-eye lens, which is suitable to correct distortion. When the imaging unit 40 a is connected to the imaging unit I/F 313 of the real-time data processing terminal 3, the imaging element 401 a captures an image according to an imaging control signal transmitted from the imaging unit I/F 313 via the connection I/F 408 a. Accordingly, the imaging unit 40 a illustrated in FIG. 3A obtains a planar image.

As illustrated in FIG. 3B, the imaging unit 40 b includes imaging elements 401 b 1 and 401 b 2 each may be a CMOS or a CCD, lenses 402 b 1 and 402 b 2, and a connection I/F 408 b to be electronically connected to the imaging unit I/F 313 of the real-time data processing terminal 3. The lenses 402 b 1 and 402 b 2 are, for example, fish-eye lenses. When the imaging unit 40 b is connected to the imaging unit I/F 313 of the real-time data processing terminal 3, each of the imaging element 401 b 1 and 401 b 2 captures an image according to an imaging control signal transmitted from the imaging unit I/F 313 via the connection I/F 408 b, and transmits the captured image to the imaging unit I/F 313. Accordingly, a plurality of images is transmitted as captured image data. Accordingly, the imaging unit 40 b illustrated in FIG. 3B obtains a spherical image, which may be referred to as an equirectangular projection image as described below.

Next, referring to FIGS. 4A to 4C, a description is given of an overview of operation of generating an equirectangular projection image EC from the images captured by the imaging unit 40 b. FIG. 4A is a view illustrating a hemispherical image (front side) captured by the imaging unit 40 b. FIG. 4B is a view illustrating a hemispherical image (back side) captured by the imaging unit 40 b. FIG. 4C is a view illustrating an image in equirectangular projection, which is referred to as an “equirectangular projection image” (or equidistant cylindrical projection image) EC.

As illustrated in FIG. 4A, an image captured by the imaging element 401 b 1 is a curved hemispherical image (front side) taken through the lens 402 b 1. Similarly, as illustrated in FIG. 4B, an image captured by the imaging element 401 b 2 is a curved hemispherical image (back side) taken through the lens 402 b 2. The hemispherical image (front side) and the hemispherical image (back side), which are reversed by 180-degree from each other, are combined by the real-time data processing terminal 3. This results in generation of the equirectangular projection image EC as illustrated in FIG. 4C. Here, the lenses are arranged to face each other, such that the front side and the back side of the imaging unit 40 can be captured to obtain hemispherical images of both sides, to generate the equirectangular projection image EC as illustrated in FIG. 4C.

<Hardware Configuration of Terminal Data Processing Device and Distributed Data Processing Terminal>

FIG. 5 is a schematic diagram illustrating a hardware configuration of each one of the terminal data processing device 5 and the distributed data processing terminal 6, according to the embodiment. Since the terminal data processing device 5 and the distributed data processing terminal 6 are substantially the same in hardware configuration, an example case of the terminal data processing device 5 is described below, while omitting the description of the distributed data processing terminal 6.

As illustrated in FIG. 5, the terminal data processing device 5 includes a CPU 501, a ROM 502, a RAM 503, an EEPROM 504, a CMOS sensor 505, an acceleration and orientation sensor 506, a medium I/F 508, and a GPS receiver 509.

The CPU 501 controls entire operation of the terminal data processing device 5. The ROM 502 stores a control program for controlling the CPU 501. The RAM 503 is used as a work area for the CPU 501. The EEPROM 504 reads or writes various data such as a control program for the terminal data processing device 5 under control of the CPU 501. The CMOS sensor 505 captures an object (for example, a self-image of the user operating the terminal data processing device 5) under control of the CPU 501 to obtain captured image data. The acceleration and orientation sensor 506 includes various sensors such as an electromagnetic compass for detecting geomagnetism, a gyrocompass, and an acceleration sensor. The medium I/F 508 controls reading or writing of data with respect to a recording medium 507 such as a flash memory. The GPS receiver 509 receives a GPS signal from a GPS satellite.

The terminal data processing device 5 further includes a far-distance communication circuit 511, an antenna 511 a for the far-distance communication circuit 511, a camera 512, an imaging element I/F 513, a microphone 514, a speaker 515, an audio input/output I/F 516, a display 517, an external device connection I/F 518, a near-distance communication circuit 519, an antenna 519 a for the near-distance communication circuit 519, and a touch panel 521.

The far-distance communication circuit 511 is a circuit that communicates with another device through the intranet 200, for example. The camera 112 is an example of built-in imaging device capable of capturing a target under control of the CPU 501. The imaging element I/F 513 is a circuit that controls driving of the camera 512. The microphone 514 is an example of built-in audio collecting device capable of inputting audio under control of the CPU 501. The audio I/O I/F 516 is a circuit for inputting or outputting an audio signal to the microphone 514 or from the speaker 515 under control of the CPU 501. The display 517 may be a liquid crystal or organic electro luminescence (EL) display that displays an image of a subject, an operation icon, or the like. The external device connection I/F 518 is an interface circuit that connects the terminal data processing device 5 to various external devices. The near-distance communication circuit 519 is a communication circuit that communicates in compliance with the near field radio communication (NFC) (Registered Trademark), the Bluetooth (Registered Trademark), and the like. The touch panel 521 is an example of input device that enables the user to input a user instruction for operating the terminal data processing device 5 through touching a screen of the display 517.

The terminal data processing device 5 further includes a bus line 510. The bus line 510 may be an address bus or a data bus, which electrically connects various elements such as the CPU 501 of FIG. 5.

<Hardware Configuration of Centralized Data Processing Server>

FIG. 6 is a schematic diagram illustrating a hardware configuration of any one of the centralized data processing server 7, the service providing server 8, and the authentication server 9, according to the embodiment. Since the centralized data processing server 7, the service providing server 8, and the authentication server 9 are substantially the same in hardware configuration, an example case of the centralized data processing server 7 is described below, while omitting the description of the service providing server 8 and the authentication server 9.

FIG. 6 is a schematic diagram illustrating a hardware configuration of the centralized data processing server 7, according to the embodiment. Referring to FIG. 6, the centralized data processing server 7, which is implemented by the general-purpose computer, includes a CPU 701, a ROM 702, a RAM 703, a hard disk (HD) 704, a hard disk drive (HDD) 705, a medium I/F 707, a display 708, a network I/F 709, a keyboard 711, a mouse 712, a medium drive 714, and a bus line 710. Since the centralized data processing server 7 operates as a server, an input device such as the keyboard 711 and the mouse 712, or an output device such as the display 708 does not have to be provided.

The CPU 701 controls entire operation of the centralized data processing server 7. The ROM 702 stores a control program for controlling the CPU 701. The RAM 703 is used as a work area for the CPU 701. The HD 704 stores various data such as programs. The HDD 705 controls reading or writing of various data to or from the HD 704 under control of the CPU 701. The medium I/F 707 controls reading or writing of data with respect to a recording medium 706 such as a flash memory. The display 708 displays various information such as a cursor, menu, window, characters, or image. The network I/F 709 is an interface that controls communication of data with an external device through the Internet 600. The keyboard 711 is one example of input device provided with a plurality of keys for allowing a user to input characters, numerals, or various instructions. The mouse 712 is one example of input device for allowing the user to select a specific instruction or execution, select a target for processing, or move a curser being displayed. The medium drive 714 reads or writes various data with respect to an optical disc 713 such as a Compact Disc ReWritable (CD-RW), DVD, and Blue-disc, as an example of removable recording medium.

The centralized data processing server 7 further includes a bus line 710. The bus line 710 is an address bus or a data bus, which electrically connects the elements in FIG. 6 such as the CPU 701. The service providing server 8 and the authentication server 9 each have the same hardware configuration as described above.

<<Software Configuration>>

FIG. 7 is a schematic diagram illustrating a software configuration of the real-time data processing terminal 3 and the terminal data processing device 5, which together operate as the image acquisition terminal 2, according to the embodiment.

As illustrated in FIG. 7, the real-time data processing terminal 3 includes OS 300, and image recognition application AP1. The image recognition application AP1 is deployed in a work area, such as the RAM 303 of the real-time data processing terminal 3. The OS 300 is basic software that controls entire operation of the real-time data processing terminal 3 through providing basic functions. The image recognition application AP1 is an application for recognizing faces of people, animals, etc. from the captured images.

The terminal data processing device 5 includes OS 500 and communication application AP2. The communication application AP2 is deployed in a work area, such as the RAM 503 of the terminal data processing device 5. The OS 500 is basic software that controls entire operation of the terminal data processing device 5 through providing basic functions. The communication application AP2 is an application for communicating with another terminal (device) such as the distributed data processing terminal 6.

In the image acquisition terminal 2, while the real-time data processing terminal 3 performs image recognition, the terminal data processing device 5 communicates with the distributed data processing terminal 6 via the intranet 200 to perform distributed processing to transmit the partial image data as data to be verified, or receive a verification result.

Note that the real-time data processing terminal 3 and the terminal data processing device 5 are each installed with not only the OS but also a driver, a software development kit (SDK), or an application programming interface (API) that may be different between the real-time data processing terminal 3 and the terminal data processing device 5.

Referring to FIGS. 8 to 16C, a functional configuration of the communication system 1 is described according to an embodiment.

<<Functional Configuration>>

First, referring to FIG. 8 to FIG. 16, functional configurations of terminals, apparatuses, and servers in the communication system 1 are described, according to the embodiment. FIGS. 8 and 9 are a schematic block diagram illustrating a functional configuration of the communication system 1 according to the first embodiment. FIG. 8 specifically illustrates a functional configuration of the image acquisition terminal 2 in the communication system 1.

<Functional Configuration of Real-Time Data Processing Terminal>

Referring to FIG. 8, the real-time data processing terminal 3 includes a determiner 33, an image processing unit 34, an event generator 36, a display control 37, a connection unit 38, a storing and reading unit 39, and a communication unit 48. These units are functions that are implemented by or that are caused to function by operating any of the hardware components illustrated in FIG. 2 in cooperation with the instructions of the CPU 301 according to the control program expanded from the EEPROM 304 to the RAM 303.

The real-time data processing terminal 3 further includes a storage unit 3000, which is implemented by the ROM 302, the RAM 303, and/or the EEPROM 304 illustrated in FIG. 2. The storage unit 3000 stores therein shape model data, which is described below. The storage unit 3000 further stores an imaging element data management DB 3001, a cycle value management DB 3002, an image acquisition program management DB 3003, an image composition program management DB 3004, a distortion correction program management DB 3005, and a service program management DB 3006.

The imaging element data management DB 3001 is implemented by an imaging element data management table, which is described below referring to FIG. 10A. The cycle value management DB 3002 is implemented by a cycle value management table, which is described below referring to FIG. 10B. The image acquisition program management DB 3003 is implemented by an image acquisition program management table, which is described below referring to FIG. 11A. The image composition program management DB 3004 is implemented by an image composition program management table, which is described below referring to FIG. 11B. The distortion correction program management DB 3005 is implemented by a distortion correction program management table, which is described below referring to FIG. 11C. The service program management DB 3006 is implemented by a service program management table, which is described below referring to FIG. 11D.

(Imaging Element Data Management Table)

FIG. 10A is a conceptual diagram of an example of imaging element data management table. The imaging element data management table stores, for each one or more types of imaging unit 40, a model number of the imaging unit 40, the number of imaging elements included in the imaging unit 40, and a type of one or more lenses in the imaging unit 40, in association with one another. The model number is an example of type information indicating a type of the imaging unit 40 that is determined by the difference in number of imaging elements or type of lenses. In alternative to the model number, an identifier of the imaging unit 40 such as a product number, a bar code, etc. may be used, as long as such identifier is able to determine a number of imaging elements and/or a lens type of the imaging unit 40.

(Cycle Value Management Table)

FIG. 10B is a conceptual diagram illustrating an example of cycle value management table. The cycle value management table stores a number of imaging elements in the imaging unit 40 and a cycle value (frames per second) indicating a cycle time of the object recognition process, which will be described later, in association.

The tables of FIGS. 11A to 11C are each used for managing whether or not an appropriate program is installed in the real-time data processing terminal 3, depending on a model number of the real-time data processing terminal 3.

(Image Acquisition Program Management Table)

FIG. 11A is a conceptual diagram of an example of image acquisition program management table. The image acquisition program management table stores a number of imaging elements in the imaging unit 40 and an identifier of an image acquisition program (such as a name) to be installed in the real-time data processing terminal 3 to process data of the imaging unit 40 having a specific number of imaging elements, in association with flag information indicating whether that image acquisition program is installed (“install” field). For example, in case an image acquisition program is installed in the real-time data processing terminal 3 for processing data of the imaging unit 40 having one imaging element, the program name “ProgC01 (1 system)” and the flag information “1” are stored in association with the number of imaging elements “1”. Similarly, in case an image acquisition program is installed in the real-time data processing terminal 3 for processing data of the imaging unit 40 having two imaging elements, the program name “ProgC02 (2 systems)” and the flag information “1” are stored in association with the number of imaging elements “2”. In case no program is installed, the program name and the flag information “0” indicating that program is not installed are stored in association with the number of imaging elements.

(Image Composition Program Management Table)

FIG. 11B is a conceptual diagram illustrating an example of image composition program management table. The image composition program management table stores a number of imaging elements in the imaging unit 40 and an identifier of an image composition program (such as a name) to be installed in the real-time data processing terminal 3 to process data of the imaging unit 40 having a specific number of imaging elements, in association with flag information indicating whether the image composition program is installed (“install” field). For example, in case an image composition program is installed in the real-time data processing terminal 3 for processing data of the imaging unit 40 having a single imaging element, the program name “ProgS01 (image composition)” and the flag information “1” are stored in association with the number of imaging element “1” For instance, the program identified with “ProgS01 (image composition)” is used to combine images, which are sequentially obtained using the one imaging unit. Similarly, in case an image composition program is installed in the real-time data processing terminal 3 for processing data of the imaging unit 40 having two imaging elements, the program name “ProgS02 (image composition)” and the flag information “1” are stored in association with the number of imaging elements “2”. In case no program is installed, the program name and the flag information “0” indicating that program is not installed are stored in association with the number of imaging elements. In alternative example, since composition (combining) of images is not necessary for the imaging unit 40 with one imaging element, no program name may be managed.

(Distortion Correction Program Management Table)

FIG. 11C is a conceptual diagram illustrating an example of distortion correction program management table. The distortion correction program management table stores a type of the lens in the imaging unit 40 and an identifier of the distortion correction program (such as the name) to be installed in the real-time data processing terminal 3 to process data of the imaging unit 40 having a specific lens type, in association with flag information indicating whether the distortion correction program is installed (“install” field). For example, in case a distortion correction program is installed in the real-time data processing terminal 3 for processing data of the imaging unit 40 having the wide-angle lens, the program name “ProgW01 (wide-angle correction)” and the flag information “1” are stored in association with the lens type “wide-angle lens”. Similarly, in case a distortion correction program is installed in the real-time data processing terminal 3 for processing data of the imaging unit 40 having the fish-eye lens, the program name “ProgW02 (fish-eye correction)” and the flag information “1” are stored in association with the lens type “fish-eye lens”. In case no program is installed, the program name and the flag information “0” indicating that program is not installed are stored in association with the type of imaging elements.

(Service Program Management Table)

FIG. 11D is a conceptual diagram illustrating an example of service program management table. The table of FIG. 11D is used for determining whether a specific program is installed at the image acquisition terminal 2 (in this case, the real-time data processing terminal 3) to perform a specific service, based on authentication of the image acquisition terminal 2 (or the user operating the image acquisition terminal 2) by the authentication server 9. The service program management table stores an authentication server ID for identifying an authentication server for providing a specific service and an identifier (such as a name of the program) of a service program for providing the specific service to the image acquisition terminal 2, in association with flag information indicating whether the service program is installed (“install” field). For example, in case an object detection program is installed in the real-time data processing terminal 3, which is authenticated by the authentication server for providing an object detection service, the program name “Prog D01 (object detection)” and the flag information “1” are stored in association with the authentication server ID “a01” of the authentication server providing the object detection service. Similarly, in case an object counting program is installed in the real-time data processing terminal 3, which is authenticated by the authentication server for providing an object counting service, the program name “Prog D02 (object counting)” and the flag information “1” are stored in association with the authentication server ID “a02” of the authentication server providing the object counting service. In case no program is installed, the program name and the flag information “0” indicating that program is not installed are stored in association with the authentication server ID.

As described above, some application programs, like the programs described above referring to FIGS. 11A to 11C, are installed at the image acquisition terminal 2, for example, when an imaging unit 40 is newly detected or the image acquisition terminal 2 is newly registered to a system. Once such application programs are installed, authentication of the user using the image acquisition terminal 2 (or the distributed data processing terminal 6 that manages the image acquisition terminal 2) to use such application programs is not necessary, as none of these application programs referring to FIGS. 11A to 11C handles information that can identify a user.

On the other hand, some application programs, like the programs described above referring to FIG. 11D, are installed at the image acquisition terminal 2 when a specific service related to identification of a user is requested. Even when such application programs are installed based on authentication, authentication of user using the image acquisition terminal 2 (or the distributed data processing terminal 6 that manages the image acquisition terminal 2) to use such application programs is necessary, as these application programs referring to FIG. 11D handles user-specific information that can identify a user, such as a facial image of the user and a name of the user.

While it is possible that the communication system 1 allows the image acquisition terminal 2 to execute various types of application programs only when the image acquisition terminal 2 is authenticated as an authorized terminal, performing authentication processing for each of the application programs to be executed is cumbersome, resulting in the increase in processing load. This may result in delay in overall processing, which is not desirable especially for the communication system 1 that may be used to detect a suspicious person in which real-time data processing is preferable.

In view of this, the communication system 1 described in this disclosure performs authentication processing only for the application programs that are previously determined as authentication processing is needed, such as the application programs that handle user-specific information. Accordingly, processing of image data, which is acquired at the image acquisition terminal 2, is performed in real time, while still maintaining the security level.

(Functional Configuration of Real-Time Data Processing Terminal)

Referring to FIG. 8, a functional configuration of the real-time data processing terminal 3 is described according to the embodiment.

The determiner 33, which is implemented by instructions of the CPU 301, performs various determinations. For example, the determiner 33 refers to the imaging element data management DB 3001 to determine a number of imaging elements or a lens type of the imaging unit 40 having the model type sent from the imaging unit 40.

The image processing unit 34, which is implemented by the instructions of the CPU 301, performs various types of image processing according to one or more programs (image acquisition program, image composition program, distortion correction program, and service program), which are managed using the tables described above referring to FIGS. 11A to 11D. More specifically, the image processing unit 34 executes a first program (for example, an image acquisition program, an image composition program, and a distortion correction program) that does not require authentication for obtaining, to apply first image processing (for example, image acquisition, image composition, and distortion correction) to image data such as captured image data. The image processing unit 34 further executes a second program (for example, a service program) that requires authentication for obtaining, to apply second image processing (for example, an object detection, an object counting) to image data such as captured image data.

The captured image data to be applied with image processing, contains a detection target as described above. For example, the image processing unit 34 detects feature points as a candidate for a specific object such as a human face in the captured image, and refers to the shape model data indicating a shape model of the specific object (such as the human face) to detect the coordinates of the specific object in the captured image. Any desired known method may be used to detect the specific object.

The event generator 36, which is implemented by the instructions of the CPU 301, generates detection data (event data) indicating detection of a specific object, for example, when the coordinates of a specific object are specified by the image processing unit 34.

The display control 37, which is implemented by the instructions of the CPU 301, controls the display 317 to display various screens.

The connection unit 38, which is implemented by the imaging unit I/F 313 and the instructions of the CPU 301, is an interface for mechanically and electrically connecting the imaging unit 40 to the real-time data processing terminal 3.

The storing and reading unit 39, which is implemented by instructions of the CPU 301, stores various data or information in the storage unit 3000 or reads out various data or information from the storage unit 3000.

The communication unit 48, which may be implemented by the instructions of the CPU 301 and the external device connection I/F 318, transmits or receives various data (or information) to or from the communication unit 58 of the terminal data processing device 5. The one-to-one communication between the communication unit 48 and the communication unit 58 may be performed via a wired network or a wireless network.

<Functional Configuration of Terminal Data Processing Device>

As illustrated in FIG. 8, the terminal data processing device 5 includes a transmitter and receiver 51, a data detector 56, a display control 57, a communication unit 58, and a storing and reading unit 59. These units are functions that are implemented by or that are caused to function by operating any of the elements illustrated in FIG. 5 in cooperation with the instructions of the CPU 501 according to the control program expanded from the EEPROM 504 to the RAM 503.

The terminal data processing device 5 further includes a storage unit 5000, which is implemented by the ROM 502, RAM 503 and EEPROM 504 illustrated in FIG. 5.

(Functional Configuration of Terminal Data Processing Device)

Referring to FIG. 8, a functional configuration of the terminal data processing device 5 is described according to the embodiment.

The transmitter and receiver 51 of the terminal data processing device 5, which is implemented by the far-distance communication circuit 511, the antenna 511 a, and the instructions of the CPU 501, transmits or receives various data (or information) to or from the distributed data processing terminal 6 via a communication network (the intranet 200).

The data detector 56, which is implemented by the instructions of the CPU 501, detects whether or not an event has occurred that triggers reception of data from the real-time data processing terminal 3, and whether or not the reception of data is completed.

The display control 57, which is implemented by the instructions of the CPU 501, controls the display 517 to display various screens.

The communication unit 58, which may be implemented by the instructions of the CPU 501 and the external device connection I/F 518, transmits or receives various data (or information) to or from the communication unit 48 of the real-time data processing terminal 3. The one-to-one communication between the communication unit 58 and the communication unit 48 may be performed via a wired network or a wireless network.

The storing and reading unit 59, which is implemented by instructions of the CPU 501, stores various data or information in the storage unit 5000 or reads out various data or information from the storage unit 5000.

<Functional Configuration of Distributed Data Processing Terminal>

As illustrated in FIG. 9, the distributed data processing terminal 6 includes a transmitter and receiver 61, an acceptance unit 62, a determiner 63, a display control 67, and a storing and reading unit 69. These units are functions that are implemented by or that are caused to function by operating any of the elements illustrated in FIG. 5 in cooperation with the instructions of the CPU 501 according to the control program expanded from the EEPROM 504 to the RAM 503 in the distributed data processing terminal 6.

The distributed data processing terminal 6 further includes a storage unit 6000, which is implemented by the ROM 502, RAM 503 and EEPROM 504 illustrated in FIG. 5. The storage unit 6000 stores verification data. The storage unit 6000 further stores a verification data management DB 6001. The verification data management DB 6001 is implemented by a verification data management table, which will be described below referring to FIG. 12. The verification data may be stored in a memory of any data management server other than the distributed data processing terminal 6.

(Verification Data Management Table)

FIG. 12 is a conceptual diagram illustrating the verification data management table according to the embodiment. The verification data management table stores, for each one of a plurality of persons to be verified, a file name of an image file (such as a facial image) as the verification data and a name of a person identified with a facial image.

(Functional Configuration of Distributed Data Processing Terminal)

The transmitter and receiver 61 of the distributed data processing terminal 6, which is implemented by the far-distance communication circuit 511, the antenna 511 a, and the instructions of the CPU 501, transmits or receives various data (or information) to or from the centralized data processing server 7 via a communication network (the Internet 600). For example, the transmitter and receiver 61 transmits a verification request for verifying the data to be verified using the verification data, to the centralized data processing server 7, or performs processing on the verification result sent from the centralized data processing server 7. The transmitter and receiver 61 transmits or receives various data (or information), such as the data to be verified, to or from the image acquisition terminal 2 via the communication network (such as the intranet 200).

The acceptance unit 62 is implement by the touch panel 521 of the distributed data processing terminal 6, which operates under control of the CPU 501, to receive various selections or inputs from the user.

The determiner 63, which is implemented by instructions of the CPU 501 of the distributed data processing terminal 6, performs various determinations.

The display control 67, which is implemented by the instructions of the CPU 501 of the distributed data processing terminal 6, controls the display 517 to display various screens.

The storing and reading unit 69, which is implemented by instructions of the CPU 501 of the distributed data processing terminal 6, stores various data or information in the storage unit 6000 or reads out various data or information from the storage unit 6000. For example, the storing and reading unit 69 stores the verification data (in this case, the facial image data) in the storage unit 6000 according to a registration request received at the acceptance unit 62.

<Functional Configuration of Centralized Data Processing Server>

As illustrated in FIG. 9, the centralized data processing server 7 includes a transmitter and receiver 71, an acceptance unit 72, a feature value generator 74, a verification unit 75, and a storing and reading unit 79. These units are functions that are implemented by or that are caused to function by operating any of the elements illustrated in FIG. 6 in cooperation with the instructions of the CPU 701 according to the control program expanded from the HD 704 to the RAM 703 in the centralized data processing server 7.

The centralized data processing server 7 further includes a storage unit 7000, which is implemented by the ROM 702, the RAM 703 and the HD 704 illustrated in FIG. 6. The storage unit 7000 stores feature value data to be used for verification, which will be described below.

(Functional Configuration of Centralized Data Processing Server)

The transmitter and receiver 71 of the centralized data processing server 7, which is implemented by the network I/F 709 and the instructions of the CPU 701, transmits or receives various data (or information) to or from the distributed data processing terminal 6 via a communication network (the Internet 600). For example, the transmitter and receiver 71 receives a verification request for verifying the data to be verified using the verification data, from the distributed data processing terminal 6, or sends the verification result to the distributed data processing terminal 6.

The acceptance unit 72 is implemented by the keyboard 711 or mouse 712, which operates under control of the CPU 701, to receive various selections or inputs from the user.

The feature value generator 74, which is implemented by the instructions of the CPU 701, generates parameters of feature values from the data to be verified (partial image data) and the verification data that are received at the transmitter and receiver 71.

The verification unit 75, which is implemented by the instructions of the CPU 701, compares the feature values between the verification data and the data to be verified, using the feature values obtained at the feature value generator 74, to calculate a score (in points) indicating the similarity in feature values.

The storing and reading unit 79, which is implemented by the instructions of the CPU 701, stores various data or information in the storage unit 7000 or reads out various data or information from the storage unit 7000.

<Functional Configuration of Service Providing Server>

Next, referring to FIGS. 9, 13 to 15, each functional unit of the service providing server 8 is described in detail. As illustrated in FIG. 9, the service providing server 8 includes a transmitter and receiver 81, a determiner 82, an extractor 87, and a storing and reading unit 89. These units are functions that are implemented by or that are caused to function by operating any of the elements illustrated in FIG. 6 in cooperation with the instructions of the CPU 701 according to the service providing program expanded from the HD 704 to the RAM 703.

The service providing server 8 further includes a storage unit 8000, which is implemented by the RAM 703 and the HD 704 illustrated in FIG. 6. The storage unit 8000 stores various data transmitted from the distributed data processing terminal 6 or the authentication server 9. The storage unit 8000 stores all of the programs, which is determined according to the tables referring to FIGS. 11A to 11D. In response to a request from the real-time data processing terminal 3, the service providing server 8 transmits the requested program for installation to the real-time data processing terminal 3.

The storage unit 8000 further includes a session management DB 8001 and an authentication server management DB 8002. The session management DB 8001 is implemented by a session management table, which is described below referring to FIG. 13. The authentication server management DB 8002 is implemented by an authentication server management table, which is described below referring to FIG. 15. Each table will be described in detail below.

(Session Management Table)

FIG. 13 is a conceptual diagram of an example of session management table. The session management table of FIG. 13 manages a session to be used for providing various types of services (that is, various types of programs for executing the services) to the distributed data processing terminal 6 managing the image acquisition terminal 2. The session management table stores a session ID for identifying a communication session established with the distributed data processing terminal 6, a terminal ID for identifying the distributed data processing terminal 6, and an IP address of the distributed data processing terminal 6 operated by the user identified with the terminal ID, in association. Here, the terminal ID may be any identifier for identifying the user operating the distributed data processing terminal 6, or the distributed data processing terminal 6 itself. In the following example, the terminal ID includes a user ID identifying the user operating the distributed data processing terminal 6.

FIGS. 14A, 14B, and 14C each illustrate an email address as an example of the terminal ID, which can be classified into a part to be authenticated (subject for authentication) and a part not to be authenticated (not subject for authentication). More specifically, in the following examples, the email address, as an example of the terminal ID, includes a user ID. A part or entire user ID is used for authentication. The part subject for authentication is a user ID to be used for authentication by the authentication server 9. The part not subject for authentication is any part other than the user ID, which is not to be used for authentication by the authentication server 9.

Referring to a first example case of FIG. 14A, the part subject for authentication includes an account name “asai”, a host name “myhost” and a domain name “ricoo.com”. The part not subject or authentication includes “theta1”, which is any remaining part of the email address. In such case, the extractor 87 distinguishes between the part subject for authentication and the part not subject for authentication by “/”.

The email address of FIG. 14B can be classified into the part subject for authentication and the part not subject for authentication, similar to that of FIG. 14A, except that the part not subject for authentication differs. Specifically, the authentication server 9 recognizes that the terminal ID of FIG. 14B is the same as that of FIG. 14A, as the part subject for authentication is the same, even when the part not subject for authentication differs.

Alternatively, the terminal ID may be authenticated according to a second example case illustrated in FIG. 14C. Referring to the second example case of FIG. 14C, the part subject for authentication includes a front part of an account name, that is, “asai”. The part not subject for authentication includes “theta2”, which is any remaining part of the account name, and a host name “myhost”, and a domain name “ricoo.com”. In such case, the extractor 87 distinguishes between the part subject for authentication and the part not subject for authentication by “+”.

(Authentication Server Management Table)

FIG. 15 is a conceptual diagram of an example of authentication server management table. The authentication server management table stores, for each authentication server 9, an authentication server ID identifying the authentication server 9 and a URL (Uniform Resource Locator) for accessing the authentication server 9 in association.

(Each Functional Unit of Service Providing Server)

Next, referring to FIG. 9, each functional unit of the service providing server 8 is described in detail.

The transmitter and receiver 81 of the service providing server 8, which may be implemented by the instructions from the CPU 701, and the network I/F 709, illustrated in FIG. 6, transmits or receives various data (or information) to or from the distributed data processing terminal 6 or the authentication server 9 through the communication network (such as the Internet 600).

The determiner 82, which is implemented by instructions from the CPU 701 illustrated in FIG. 6, determines, for example, whether or not a communication session for providing a service to the distributed data processing terminal 6 has already been established.

The extractor 87, which is implemented by instructions from the CPU 701 illustrated in FIG. 6, extracts a user ID (part subject for authentication) from the terminal ID as illustrated in FIGS. 14A to 14C.

The storing and reading unit 39, which is implemented by instructions from the CPU 701 and the HDD 705, illustrated in FIG. 6, stores various data or information in the storage unit 8000 or reads out various data or information from the storage unit 8000.

<Functional Configuration of Authentication Server>

Next, referring to FIGS. 9 and 16A to 16C, each functional unit of the authentication server 9 is described in detail. The authentication server 9 includes a transmitter and receiver 91, an authentication unit 92, and a storing and reading unit 99. These units are functions that are implemented by or that are caused to function by operating any of the elements illustrated in FIG. 6 in cooperation with the instructions of the CPU 701 according to the authentication server program expanded from the HD 704 to the RAM 703.

The authentication server 9 further includes a storage unit 9000, which is implemented by the RAM 703 and the HD 704 illustrated in FIG. 6. The storage unit 9000 stores various data transmitted from the distributed data processing terminal 6 or the service providing server 8.

The storage unit 9000 further stores an authentication management DB 9001. The authentication management DB 9001 is implemented by an authentication management table, which is described below. The authentication management table will be described in detail below.

(Authentication Management Table)

FIG. 16A is a conceptual diagram of an example of authentication management table stored in the authentication server 9 a. FIG. 16B is a conceptual diagram of an example of authentication management table stored in the authentication server 9 b. 16C is a conceptual diagram of an example of authentication management table stored in the authentication server 9 c.

The authentication management table stores, for each user being managed, a user ID (the part subject for authentication) for identifying the user, and a password, in association. In this example, the user ID is a part of the terminal ID, which is subject for authentication, as described above referring to FIGS. 14A to 14C. The password is previously set by the user identified with the user ID.

(Each Functional Unit of Authentication Server)

Next, referring to FIG. 9, each functional unit of the authentication server 9 is described in detail.

The transmitter and receiver 91 of the authentication server 9, which is implemented by the instructions from the CPU 701 and the network I/F 709, transmits or receives various data (or information) to or from the distributed data processing terminal 6 and the service providing server 8 via the communication network (the Internet 600).

The authentication unit 92, which is implemented by the instructions from the CPU 701 illustrated in FIG. 6, authenticates the ID (such as the terminal ID) of the distributed data processing terminal 6, based on a determination of whether or not the image acquisition terminal 2 that has transmitted the authentication request has an authority to receive a service. Such authentication is performed because the distributed data processing terminal 6 manages the image acquisition terminal 2. That is, in one example, the distributed data processing terminal 6 manages a plurality of image acquisition terminals 2, which may be distributed over different places, but within a same local area. In such case, the user (usually, the operator) of the distributed data processing terminal 6 is given an authorization to install or use some application programs (that is, services) that require authentication.

The storing and reading unit 99, which is implemented by the instructions of the CPU 701 and the HDD 705, illustrated in FIG. 6, stores various data or information in the storage unit 9000 or reads out various data or information from the storage unit 9000.

<<Operation>>

Referring now to FIGS. 17 to 33, operation performed by the communication system 1 is described according to the embodiment.

<Authentication Processing>

First, authentication processing will be described with reference to FIGS. 17 to 20. FIGS. 17 and 18 are sequence diagrams illustrating authentication processing, performed by the communication system 1, according to the embodiment. FIG. 19 and FIG. 20 are diagrams illustrating examples of screens, displayed at the distributed data processing terminal 6.

As illustrated in FIG. 17, the transmitter and receiver 61 of the distributed data processing terminal 6 transmits a request for an authentication server selection screen to the service providing server 8 (S21). This authentication server selection screen request includes the terminal ID of the distributed data processing terminal 6. The transmitter and receiver 61 further transmits the IP address of the distributed data processing terminal 6, with the authentication server selection screen request. The transmitter and receiver 81 of the service providing server 8 receives the request for the authentication server selection screen and the IP address of the distributed data processing terminal 6.

Next, the determiner 82 of the service providing server 8 determines whether or not the terminal ID of the distributed data processing terminal 6 received at S21 is stored in association with a session ID in the session management table (FIG. 13) (S22). Hereinafter, the case where the terminal ID of the distributed data processing terminal 6 is not stored in association with the session ID will be described.

The transmitter and receiver 81 of the service providing server 8 transmits data of an authentication server selection screen to the distributed data processing terminal 6 (S23). The transmitter and receiver 61 of the distributed data processing terminal 6 receives the data of the authentication server selection screen.

Next, the display control 67 of the distributed data processing terminal 6 controls the display 517 to display an authentication server selection screen s1 as illustrated in FIG. 19 (S24). FIG. 19 illustrates an example of the authentication server selection screen s1, displayed at the distributed data processing terminal 6. The authentication server selection screen s1 includes an ID entry field b1, a password entry field b2, and a login button b3 for accepting a login request (authentication request). The authentication server selection screen s1 further includes a plurality of authentication server selection buttons a1, a2, and a3 for selecting the authentication servers 9 a, 9 b, and 9 c, respectively. For example, the authentication server selection button a1 provides, when selected, a user with a service of object detection using the object detection program. The authentication server selection button a2 provides, when selected, a user with a service of object counting using the object counting program.

Here, the user inputs the terminal ID of the distributed data processing terminal 6 operated by the user in the ID entry field b1, and a password in the password entry field b2, as information to be used for authentication. As described above referring to FIGS. 14A to 14C, in this example, the email address of the user is used as the terminal ID. After entering the terminal ID and the password, the user presses a desired button from among the authentication server selection buttons a1, a2, and a3, and further presses the login button b3. The acceptance unit 62 accepts a selection of a specific service, indicated by the selected authentication server selection button (S25). The following describes an example case in which, in response to selection of the authentication server selection button a1, the service providing server 8 provides the object detection service according to the object detection program ProgD01.

The transmitter and receiver 61 transmits an ID authentication request for authenticating the ID (in this example, the terminal ID) of the distributed data processing terminal 6 to the service providing server 8 (S26). The ID authentication request includes the terminal ID and the password, and the selection result of the authentication server 9, received at S25, and the URL of the distributed data processing terminal 6. The selection result of the authentication server 9 indicates an authentication server ID for identifying the selected authentication server 9. The transmitter and receiver 81 of the service providing server 8 receives the ID authentication request.

Next, the storing and reading unit 89 of the service providing server 8 searches the authentication server management table (FIG. 15) using the authentication server ID, which is received at S26 as the selection result, as a search key, to read out the URL of the authentication server associated with the received authentication server ID (S27).

The extractor 87 extracts only the user ID (the part subject for authentication) out of the terminal ID received at S26 (S28). Then, the transmitter and receiver 81 transmits an ID authentication request to the authentication server 9 indicated by the URL read out at S27 (S29). The ID authentication request includes the user ID (the part subject for authentication) extracted at S28, the password received at S26, and the URL of the distributed data processing terminal 6 received at S26. Accordingly, the transmitter and receiver 71 of the authentication server 9 receives the ID authentication request, which is a request for authenticating the user of the distributed data processing terminal 6.

Next, the storing and reading unit 99 of the authentication server 9 searches the authentication management table (FIG. 16), using a pair of the user ID (the part subject for authentication) and the password received at S29 as a search key, to output a search result. Based on this search result indicating whether the same pair has been stored, the authentication unit 92 authenticates the ID of the distributed data processing terminal 6 (S30). When the same pair is stored, the authentication unit 92 determines that the distributed data processing terminal 6 is an authorized terminal allowed to receive a requested service from the service providing server 8. When the same pair is not stored, the authentication unit 92 determines that the distributed data processing terminal 6 is not an authorized terminal for receiving a requested service from the service providing server 8.

At S28, the extractor 87 extracts the part subject for authentication from the terminal ID, but it is not limited thereto. For example, the service providing server 8 does not have to be provided with the extractor 87. In such case, at S29, the transmitter and receiver 81 may transmit only the user ID (the part subjected for authentication) out of the terminal ID, in addition to the password and the URL. While a part of the user ID may not be recognized without the extractor 87, as long as the user ID is recognized and sent to the authentication server 9, the authentication server 9 is able to authenticate the user at the distributed data processing terminal 6. For example, the authentication server 9 may be provided with the extractor 87 to extract the part subjected for authentication, from the user ID that is received. More specifically, in one example, the distributed data processing terminal 6 may extract the part subjected to authentication from the terminal ID in prior to S26. In such case, at S26, the user ID (the part subjected to authentication) is sent. Alternatively, the authentication server 9 may extract, from the terminal ID, the part subjected to authentication after S29. In such case, the terminal ID is transmitted at S29, rather than the user ID (the part subjected to authentication).

Subsequently, as illustrated in FIG. 18, the authentication unit 92 of the authentication server 9 encodes a token (transmission right) (S41). The transmitter and receiver 91 of the authentication server 9 transmits an ID authentication result to the distributed data processing terminal 6, using the URL of the distributed data processing terminal 6 received at S29 (S42). The ID authentication result indicates whether or not the distributed data processing terminal 6 is an authorized terminal, and further includes the token encoded at S41 when the distributed data processing terminal 6 is an authorized terminal. When the distributed data processing terminal 6 is not an authorized terminal, the ID authentication result includes an error message. Accordingly, the transmitter and receiver 61 of the distributed data processing terminal 6 receives the ID authentication result indicating whether the distributed data processing terminal 6 is an authorized terminal, that is, whether the user is authorized to use the requested service. The following describes an example case in which the user is determined to be the authorized user.

The transmitter and receiver 61 of the distributed data processing terminal 6 transmits a request for establishing a session to the service providing server 8 (S43). This session establishment request includes the terminal ID, which is authenticated, and the encoded token received at S42. Accordingly, the transmitter and receiver 81 of the service providing server 8 receives the session establishment request.

Next, to confirm that the distributed data processing terminal 6 that transmitted the session establishment request has been determined to be a terminal operated by the authorized user at S30, the service providing server 8 transmits a token authentication request to the authentication server 9 (S44). The token authentication request includes the encoded token received at S43. Accordingly, the transmitter and receiver 91 of the authentication server 9 receives the token authentication request.

Next, the authentication unit 92 decodes the encoded token received at S44 (S45). The authentication unit 92 authenticates the token by comparing the token before encoding at S41 with the token after decoding at S45 (S46). Then, the transmitter and receiver 91 of the authentication server 9 transmits the token authentication result of S46 to the service providing server 8 (S47). Accordingly, the transmitter and receiver 81 of the service providing server 8 receives the token authentication result. The following illustrates the example case in which the token is authenticated at S46.

Next, the storing and reading unit 89 of the service providing server 8 newly assigns a session ID to a session being established with the distributed data processing terminal 6, and stores in the session management table (FIG. 13) the terminal ID and the IP address of the distributed data processing terminal 6, received at S21, in association with the newly-assigned session ID (S48). The transmitter and receiver 81 transmits data of a service providing screen to the distributed data processing terminal 6 through the established session (S49). The transmitter and receiver 81 further transmits an authentication server ID of the authentication server 9, and the session ID generated at S48. Accordingly, the transmitter and receiver 61 of the distributed data processing terminal 6 receives the data of the service providing screen, the authentication server ID, and the session ID.

Next, the display control 67 of the distributed data processing terminal 6 controls the display 517 to display the service providing screen s2 as illustrated in FIG. 20 (S50). FIG. 20 illustrates an example of the service providing screen s2 displayed at the distributed data processing terminal 6. The service providing screen s2 requests the user to enter a detection target. As described above, in this example, it is assumed that more than one image acquisition terminal 2 is provided under management of the distributed data processing terminal 6. The user at the distributed data processing terminal 6 selects at least one image acquisition terminal 2, as a detection target.

The following describes an example case in which a remote operation service is provided as an example service, which remotely controls the image acquisition terminal 2 from the distributed data processing terminal 6. The service providing screen s2 illustrated in FIG. 20 includes an entry field c1 for an IP address for identifying a remote-control target, and a “remote control start” button c2. In this example, the IP address for identifying an address of the image acquisition terminal 2 is input as the IP address for identifying the remote control target. Alternatively, the distributed data processing terminal 6 may set the image acquisition terminal 2 as a remote control target, by a terminal ID of the image acquisition terminal 2 entered by a user, or by a connection address (other than the IP address) of the image acquisition terminal 2 stored in the distributed data processing terminal 6.

As described above, more than one image acquisition terminal 2 may be managed by the distributed data processing terminal 6. In such case, the user at the distributed data processing terminal 6 enters information identifying one or more of the image acquisition terminals 2, as a remote control target.

Through operation of FIGS. 17 and 18, the distributed data processing terminal 6 performs objection detection service, provided by the service providing server 8, with respect to the image acquisition terminal 2. The processing of objection detection service includes a series of processing described below.

<Preparation Processing for Image Recognition>

Referring now to FIGS. 21 to 23, image recognition preparation processing is described according to the embodiment. FIG. 21 is a sequence diagram illustrating operation of processing an image recognition start request, performed by the communication system 1, according to the embodiment.

As illustrated in FIG. 21, in the distributed data processing terminal 6, the acceptance unit 62 accepts a request to start image recognition from the user (S61). In this example, the distributed data processing terminal 6 displays a screen to the user using a GUI (Graphical User Interface), which allows the user to input an instruction. In other words, the distributed data processing terminal 6 provides a user interface for the real-time data processing terminal 3. In response to a user instruction, the transmitter and receiver 61 of the distributed data processing terminal 6 transmits a request to start image recognition to the terminal data processing device 5 for the image acquisition terminal as the remote-control target (S62). The start request includes the authentication server ID for identifying the authentication server 9 that has performed the above-described authentication processing (FIGS. 17 and 18) and the session ID set in the operation of FIG. 18, which are respectively received at S49 of FIG. 18. The transmitter and receiver 51 of the terminal data processing device 5 receives the image recognition start request. The communication unit 58 of the terminal data processing device 5 transmits the image recognition start request to the real-time data processing terminal 3 (S63). The communication unit 48 of the real-time data processing terminal 3 receives the image recognition start request. As described above, since the user interface is separate from the real-time data processing terminal 3, remote control of the real-time data processing terminal 3 is made possible from the distributed data processing terminal 6 that provides a user interface for the real-time data processing terminal 3.

FIG. 22 is a sequence diagram illustrating operation of preparing for real-time processing to be performed by the real-time data processing terminal 3, according to the embodiment. For example, the real-time data processing terminal 3 of the image acquisition terminal 2, which has received the image recognition start request in FIG. 21, executes the sequence of FIG. 22. As illustrated in FIG. 22, the connection unit 38 of the real-time data processing terminal 3 acquires the model number of the imaging unit 40 from the imaging unit 40 (S71). In this case, in response to a request for model number from the connection unit 38, the imaging unit 40 transmits the model number of its own imaging unit 40 to the connection unit 38.

More specifically, the storing and reading unit 39 searches the imaging element data management DB 3001 (FIG. 10A) using the model number of the imaging unit 40, acquired from the imaging unit 40 at S71, as a search key, to read the number of imaging elements and the lens type that are associated with the acquired model number. Furthermore, the storing and reading unit 39 searches the cycle value management DB 3002 (FIG. 10B) using the number of imaging elements, which is read at S72, as a search key to obtain the cycle value associated with the number of imaging elements that is read (S73).

Next, the storing and reading unit 39 searches the image acquisition program management DB 3003 (FIG. 11A) for the image acquisition program to be executed by the image acquisition terminal 2 (real-time data processing terminal 3), using the number of imaging elements read out at S72 as a search key (S74). Similarly, the storing and reading unit 39 searches the image composition program management DB 3004 (FIG. 11B) for the image composition program to be executed by the image acquisition terminal 2 (real-time data processing terminal 3), using the number of imaging elements read out at S72 as a search key (S75). Similarly, the storing and reading unit 39 searches the distortion correction program management DB 3005 (FIG. 11C) for the distortion correction program to be executed by the image acquisition terminal 2 (real-time data processing terminal 3), using the lens type read out at S72 as a search key (S76). Further, the storing and reading unit 39 searches the service program management DB 3006 (FIG. 11D) for the service program to be executed by the image acquisition terminal 2 (real-time data processing terminal 3), using the authentication server ID that is received at S63 (FIG. 21) as a search key (S77).

Next, the determiner 33 determines whether or not all the programs to be executed are installed (S78), based on the search results at S74 to S77, each indicating whether or not information indicating that the program to be executed is installed is stored in the corresponding DB (table). For example, when the search result by the storing and reading unit 39 indicates that information indicating that the image acquisition program is installed is stored in the image acquisition program management DB 3003 at S74, the determiner 33 determines that the image acquisition program has been installed. In contrary, when the search result indicates that information indicating that the image acquisition program is not installed is stored in the image acquisition program management DB 3003, the determiner 33 determines that the image acquisition program is not installed.

When the determiner 33 determines that all four programs are installed (S78: YES), the operation of FIG. 22 ends. On the other hand, when the determiner 33 determines that at least one program among the four programs is not installed (S78: NO), the operation proceeds to S91 described below referring to FIG. 23.

Please note that a number of programs to be installed differs depending on the number of imaging elements or type of lens of the imaging unit 40.

FIG. 23 is a sequence diagram illustrating processing to acquire a program, performed by the communication system 1, according to the embodiment. In this example, the real-time data processing terminal 3 acquires a program that is determined as not installed through the operation of FIG. 22, from the service providing server 8.

First, as illustrated in FIG. 23, the communication unit 48 of the real-time data processing terminal 3 transmits, to the communication unit 58 of the terminal data processing device 5, a request for a program not installed (S91). This request for program includes a name of the program to be installed obtained through operation of FIG. 22, and the authentication server ID and the session ID that are received at S63 of FIG. 21.

Next, the transmitter and receiver 51 of the terminal data processing device 5 transmits the program request received at the communication unit 58 to the transmitter and receiver 61 of the distributed data processing terminal 6 (S92). Then, the transmitter and receiver 61 of the distributed data processing terminal 6 transmits the program request to the transmitter and receiver 81 of the service providing server 8, through the established session (S93).

Next, in the service providing server 8, the storing and reading unit 89 checks the validity of the program request based on the authentication server ID and the session ID in the program request, and reads out a program indicated by the program name included in the program request (S94). Then, the transmitter and receiver 81 transmits the read program to the transmitter and receiver 61 of the distributed data processing terminal 6 (S95). With the read program, a name of the requested program, the authentication server ID, and the session ID are also transmitted.

Next, the transmitter and receiver 61 of the distributed data processing terminal 6 transmits a program identified with the program name to the transmitter and receiver 51 of the terminal data processing device 5 of the image acquisition terminal 2, which is identified with the authentication server ID and the session ID (S96). The communication unit 58 of the terminal data processing device 5 transmits the program identified with the program name to the communication unit 48 of the real-time data processing terminal 3 (S97).

Next, the storing and reading unit 39 of the real-time data processing terminal 3 installs the program acquired by the communication unit 48. The storing and reading unit 39 further registers, in corresponding one of the tables of FIGS. 11A to 11D, information indicating that the requested program is installed. For example, in case the service program is installed, the storing and reading unit 39 registers, in the service program management table of 11D, the information indicating installation of the service program in association with the program name of the program being installed and the authentication server ID (S98).

Next, the storing and reading unit 39 activates all the programs necessary for image recognition processing (S99). Accordingly, the real-time data processing terminal 3 starts the real-time processing as described below, by executing the activated programs.

<Image Recognition Processing>

(Object Detection Processing)

The following describes the example case in which the “log in to object detection service” button b1 illustrated in FIG. 19 is pressed and the service providing server 8 permits the distributed data processing terminal 6 to execute the object detection service as described above referring to FIGS. 17 to 23. That is, after the above-described operations referring to FIGS. 17 to 20 are performed, the “start remote control” button c2 in FIG. 20 is pressed at the distributed data processing terminal 6, designating the image acquisition terminal 2 as a remote control target. The distributed data processing terminal 6 transmits a request to start image recognition to the image acquisition terminal 2. FIG. 24 is a sequence diagram illustrating image recognition processing, performed by the communication system 1 of FIG. 1, according to the embodiment. The real-time data processing terminal 3 performs real-time processing (S111). In the following, the real-time data processing is described with reference to FIGS. 25 and 26. FIG. 25 is a flowchart illustrating an example of object detection processing, performed in the real-time processing.

First, the determiner 33 determines whether or not a number of imaging elements in the imaging unit 40, connected to the real-time data processing terminal 3, is one (S201). In this case, the determiner 33 determines the number of imaging elements, based on the number of imaging elements read out at S72. If the number of imaging elements is one (S201: YES), referring to the cycle value management table of FIG. 10B, the image processing unit 34 sets a cycle value, which defines a time interval for repeating the real-time processing, to 1/60 seconds (S202). Specifically, the image processing unit 34 sets the cycle value read out at S73.

Next, the connection unit 38 acquires captured image data, from the imaging unit 40 having one imaging system (here, the imaging unit 40 a) (S203). The captured image data is digital image data, and is, for example, data of 4K image (3840 image pixel width×2160 image pixel height). In this case, the connection unit 38 executes processing according to the image acquisition program (ProgC01 (1 system)) described above referring to FIG. 11A. In executing this processing, the real-time data processing terminal 3 does not have to determine whether or not execution of the image acquisition program is allowed using the authentication server ID included in the image recognition start request, with reference to the table of FIG. 11D. That is, since the image acquisition program is previously determined as the application not requiring authentication, authentication is not performed.

Next, the image processing unit 34 searches for feature points in the captured image data, as a candidate of a specific object, to detect the specific object (S204). Specifically, the image processing unit 34 picks up a rectangular section, one by one, starting from the edge of the captured image, to search for features points that match the shape model data of the object that is previously stored in the storage unit 3000, and specifies a position (coordinates) of the feature points that match the shape model data. The processing of S204 may be performed using any desired known method, such as the method described in, for example, Hitoshi IMAOKA, et. al., “Face recognition technology and its application: features on elemental technologies and solutions supporting public safety”, Biometrics authentication, NEC Technical Journal, Vol. 63, no. 3, pp. 26-30, 09/2010. In this case, the image processing unit 34 determines whether or not the authentication server ID included in the image recognition start request received at S63 is an appropriate authentication server ID managed in the service program management table of FIG. 11D, in association with the service program (ProgD01 (object detection)), and executes the processing based on the determination result. That is, since the object detection service program is previously determined as the application requiring authentication, authentication is performed.

Next, the image processing unit 34 corrects the distortion in the image including the detected object (S205). In this case, the image processing unit 34 executes processing according to the image processing program (ProgW01 (wide-angle correction)) as described above referring to FIG. 11C. In executing this processing, the real-time data processing terminal 3 does not have to determine whether or not execution of the wide-angle distortion correction program is allowed using the authentication server ID included in the image recognition start request, with reference to the table of FIG. 11D. That is, since the distortion correction program is previously determined as the application not requiring authentication, authentication is not performed.

On the other hand, when the number of imaging elements is not one (S201: NO), referring to the cycle value management table of FIG. 10B, the image processing unit 34 sets a cycle value indicating a cycle time for repeating the real-time processing, to 1/30 seconds (S206). Specifically, the image processing unit 34 sets the cycle time to be the cycle value read out at S73. The cycle time is set to 1/30 seconds, which is longer than a time it requires for one input, thus preventing the later-described image composition processing from delaying.

Next, the connection unit 38 acquires two items of captured image data from the imaging unit 40 having two imaging systems (the imaging unit 40 b) (S206). The two items of captured image data are data of hemispherical images as illustrated in FIGS. 4A and 4B, respectively. In this case, the connection unit 38 executes processing according to the image acquisition program (ProgC02 (2 systems)) as described referring to FIG. 11A. In executing this processing, the real-time data processing terminal 3 does not have to determine whether or not execution of the image acquisition program is allowed, as described above.

Then, the image processing unit 34 combines the two items of captured image data to create an equirectangular projection image EC as illustrated in FIG. 4C (S208). In this case, the image processing unit 34 executes the processing according to the image composition program (ProgS02 (image composition)) described referring to FIG. 11B. In executing this processing, the real-time data processing terminal 3 does not have to determine whether or not execution of the image composition program is allowed using the authentication server ID included in the image recognition start request, with reference to the table of FIG. 11D.

The operation then proceeds to S204, and the image processing unit 34 detects the feature points of the object in data of the equirectangular projection image EC, to detect the object. In this case, the image processing unit 34 determines whether or not the authentication server ID included in the image recognition start request is an appropriate authentication server ID managed in the table of FIG. 11D, in association with the service program (ProgD01 (object detection)), and executes the processing based on the determination result.

Next, at S205, the image processing unit 34 corrects the distortion in the image of the detected object. In this case, the image processing unit 34 executes processing according to the image processing program (ProgW02 (fish-eye correction)) as described above referring to FIG. 11C. In executing this processing, the real-time data processing terminal 3 does not have to determine whether or not execution of the fish-eye distortion correction program is allowed using the authentication server ID included in the image recognition start request, with reference to the table of FIG. 11D.

As described above, in real-time processing, S204 of detecting an object is performed based on authentication.

Referring back to FIG. 24, the communication unit 48 of the real-time data processing terminal 3 transmits captured image data to the communication unit 58 of the terminal data processing device 5 (S112). The transmitter and receiver 51 of the terminal data processing device 5 transmits the captured image data received at S112 to the transmitter and receiver 61 of the distributed data processing terminal 6 (S113). Accordingly, the display control 67 of the distributed data processing terminal 6 causes the display 517 to display a captured image as illustrated in FIG. 27A in real time (S114). FIGS. 27A and 27B are each an illustration of an example captured image, displayed at the distributed data processing terminal 6. The captured image is displayed with a frame that indicates a rectangle having a detected object (in this case, a detected human face). The above-described S112 to S114 correspond to process to stream data.

Next, referring to FIG. 26, processing of event generation, performed in the real-time processing, is described according to the embodiment. FIG. 26 is a flowchart illustrating an example of event generation processing, performed in the real-time processing, according to the object detection service program.

As illustrated in FIG. 25, when the image processing unit 34 does not detect an object (in this case, a human face) at S204 (S211: NO), the image processing unit 34 determines whether or not a predetermined time (the cycle value that is set) has elapsed (S212). This operation repeats until the predetermined time has elapsed (S212: NO). When the predetermined time has elapsed (S212: YES), the operation returns to S211. On the other hand, when the object detector 35 detects an object (in this case, a human face) at S204 (S211: YES), the operation proceeds to S213. At S213, the image processing unit 34 determines whether the detected object is one or more than one. When the image processing unit 34 detects a plurality of objects (here, two or more human faces) at S204 (S213: NO), the display control 37 displays a captured image having the objects, with a message m1, as illustrated in FIG. 27B (S214). This message m1 could be any content as long as it can trigger a user's action to capture an image that includes only one object (one human face). The operation then proceeds to S212.

On the other hand, when the image processing unit 34 detects only one object (here, a human face) at S204 (S213: YES), the display control 37 displays the captured image without the message m1 of FIG. 27B (S215). For example, when the message m1 is already displayed for the captured image that is previously displayed, the display control 37 stops displaying the message m1.

Next, the image processing unit 34 encodes the partial image data, which is a part of the captured image that includes the detected human face, in a general-purpose format such as JPEG (S216). The event generator 36 generates an event message notifying that the partial image data is transmitted to the terminal data processing device 5 (S217). Specifically, the event generator 36 generates the event message m2 such as “Send”.

The real-time processing of S111 illustrated in FIG. 24 then ends. The communication unit 48 transmits the event message m2 generated at S217 and the partial image data detected at S204 to the communication unit 58 of the terminal data processing device 5 (S115). When a plurality of objects (in this case, human faces) are detected at S204, at S115, a plurality of items of partial image data are transmitted together with one event message m2. When real-time detection of an object (human face) is not necessary, such as in the example case where the distributed processing system 100 is disposed in a shop or the like, the real-time data processing terminal 3 may accumulate the event message m2 and the partial image data in its local memory during a day, when the shop is opened. After the shop is closed, for example, during the night, the real-time data processing terminal 3 may transmit the event message m2 and the partial image data to the terminal data processing device 5.

Next, the data detector 56 of the terminal data processing device 5 detects whether or not the event message m2 “Send” is received at the communication unit 58 (S116). When the event message m2 is received (S116: YES), the communication unit 58 receives the partial image data transmitted together with the event message m2 (S117). The storing and reading unit 59 temporarily stores the partial image data in the storage unit 5000 (S118).

Next, the data detector 56 monitors for the partial image data to determine whether reception of the partial image data is completed or not (S119). The processing of S119 is repeated until all items of partial image data is received for all of event messages m2 that are received (S119: NO). When reception of the partial image data is completed (S119: YES), the storing and reading unit 59 reads partial image data, each having been transmitted with the event message m2 and temporarily stored in the storage unit 5000 (S120). The transmitter and receiver 51 transmits all items of partial image data read out at S120 to the transmitter and receiver 61 of the distributed data processing terminal 6 via the intranet 200 (S121). Accordingly, the transmitter and receiver 61 of the distributed data processing terminal 6 receives all items of partial image data. The partial image data is later used as data to be verified using verification data.

Next, with reference to FIGS. 28 to 30, processing of verifying data to be verified, i.e., the partial image data, using the registered verification data is described, according to the embodiment. FIG. 28 is a sequence diagram illustrating processing of verifying the data to be verified, performed by the object detection service program, according to the embodiment. FIG. 29A is an illustration of an example file selection screen for selecting verification data, displayed at the distributed data processing terminal 6. FIG. 29B is an illustration of an example registration screen for registering verification data, displayed at the distributed data processing terminal 6. FIG. 30 is an illustration of an example screen with a verification result message m3, displayed at the distributed data processing terminal 6.

To register the verification data, the user operates the distributed data processing terminal 6 to cause the display control 67 to display the file selection screen as illustrated in FIG. 29A for allowing selection of verification data to be registered. When the user selects an image to be registered (in this case, a facial image) after pressing the “Select file” button b11, the acceptance unit 62 accepts the selection of the image file to be registered (S311). As illustrated in FIG. 29B, the display control 67 controls the display 517 to display the registration screen for registering the verification data that is selected. The registration screen illustrated in FIG. 29B includes a selected image file (an image and a file name) a21, a name entry field a22, a “Register” button b21, and a “Cancel” button b22. After confirming that the selected image file a21 is the desired image file (an image and a file name), the user enters a name of the image file to be registered as verification data in the name entry field a22, and then presses the “Register” button b21. For example, the user may enter a name of a specific object (i.e., an individual) in the image file, as the name to be registered for the selected image file. In response to pressing of the “Register” button b21, the acceptance unit 62 accepts registration of the verification data, and the storing and reading unit 79 registers the selected image file as the verification data (S312). Specifically, the storing and reading unit 69 stores, in the verification data management DB 6001, the file name a21 and the name entered in the name entry field a22 in association with each other. When the selected image file a21 is not the desired image file, the user presses the “Cancel” button b22 to cause the display 517 to display the file selection screen illustrated in FIG. 29A. As described above, the verification data is registered directly to the distributed data processing terminal 6, rather than registering to the terminal data processing device 5. This sufficiently reduces the load on communication network, caused due to communication between the terminal data processing device 5 and the distributed data processing terminal 6.

After the transmitter and receiver 61 of the distributed data processing terminal 6 receives the partial image data at S121, the storing and reading unit 69 searches the verification data management DB 6001 to determine whether there is any verification data that has been registered (S313). When it is determined that there is any verification data being registered, the transmitter and receiver 61 transmits verification request information, i.e., a verification request to the centralized data processing server 7 via the Internet 600 (S314). The verification request includes verification data (target data to be verified) and data to be verified. The centralized data processing server 7 receives the verification request at the transmitter and receiver 71. Specifically, one or more items of verification data in the verification data management table illustrated in FIG. 12 are transmitted, sequentially, from the verification data listed at the top. That is, the verification data that is read first and the data to be verified that is received at S121 are transmitted with a verification request. As a next verification request, the verification data that is read next (target data to be verified) and the verification data received at S121 for the next time are transmitted.

Next, in the centralized data processing server 7, the feature value generator 74 decodes both data (verification data and data to be verified) into bitmap data, and calculates parameters of feature values for each of both data (S315). Such feature value parameters are used to identify an individual using various types of information that can be discriminative such as height or slope of facial components such as a nose or eyes detected in the facial image. The verification unit 75 compares the feature value parameters between the verification data and the data to be verified, and calculates the degree of similarity between these data (S316). The similarity may be calculated using any desired method, such as the method based on a deep neural network (DNN: Deep Neural Network), described in Takayuki OKATANI, “Deep learning and image recognition: basic and recent trends (<Special feature> Neuroscience and mathematical modeling)” Operations research: Management science 60 (4), 198-204, 2015-04-01. The feature value parameters of the verification data are an example of a first feature value parameter, and the feature value parameters of the data to be verified are an example of a second feature value parameter.

Next, the transmitter and receiver 71 of the centralized data processing server 7 transmits a response to the verification request received at S314 to the transmitter and receiver 61 of the distributed data processing terminal 6 via the Internet 600 (S317). The response includes the degree of similarity, which is calculated at S316 as the verification result. The transmitter and receiver 61 of the distributed data processing terminal 6 receives the response including the verification result.

Next, in the distributed data processing terminal 6, the storing and reading unit 69 temporarily stores, in the storage unit 6000, the “name” assigned to the verification data included in the verification request transmitted at S314 and the “similarity” received at S317 in association (S318). The above-described processing from S313 to S318 is performed on verification data listed next in the verification data management table in FIG. 12.

On the other hand, when it is determined at S313 that there is no verification data being registered (including cases where there is absolutely no verification data), the operation proceeds to S319. The storing and reading unit 69 reads the “name” assigned to the verification data having the maximum degree of similarity, from all of verification data temporarily stored in the storage unit 6000 (S319). The display control 67 controls the display 517 of the distributed data processing terminal 6, to display the verification result message as illustrated in FIG. 30, on the real-time captured image as illustrated in FIG. 27A (S320). The verification result message m3 includes a “verification result” and a “name” assigned to the verification data having the maximum degree of similarity.

(Object Counting)

As described above, in response to selection of the authentication server selection button a1 illustrated in FIG. 19, the object detection service is executed according to the object detection program ProgD01, which is one example of image recognition process. Next, a description will be given of a case where object counting is executed according to the object counting program ProgD02, which is another example of image recognition process, in response to selection of the authentication server selection button a2 illustrated in FIG. 19 at S25. Similar to the case of executing the object detection program ProgD01, after the above-described operations referring to FIGS. 17 to 20 are performed, the “start remote control” button c2 in FIG. 20 is pressed at the distributed data processing terminal 6, designating a specific image acquisition terminal 2 as a remote control target. Referring now to FIGS. 31 to 33, object counting is described according to the embodiment.

For the descriptive purposes, only the differences with the above-described operation for objection detection is described below.

FIG. 31 is a diagram illustrating an example layout of a certain room in which the image acquisition terminal 2 is provided. In the following, an image capturing area R1 of the image acquisition terminal 2 is reduced by half, so as to only cover the left half of the image capturing area R1, rather than covering the entire image capturing area R1. For example, when the image acquisition terminal 2 is used as a surveillance camera, the entrance D2 at a right side is exclusively for employees, such that there is a low chance that a suspicious person enters from the entrance D2, as an employee IC card is required to enter. On the other hand, the entrance D1 at a left side is for guests, such that a suspicious individual may enter from the entrance D2. Accordingly, in this example, a detection range of the object is limited to the left half of the image capturing area R1. Depending on a layout of a particular room, a detection range of the object may be a right half, an upper half, a lower half, or the like. Further, the image capturing area R1 may not only divided by two, but divided into four, for example, such that the number of divisions may be changed depending on application of the image acquisition terminal 2.

FIG. 32 is a flowchart illustrating a modified example of the event generation processing, in the real-time processing, described above referring to FIG. 26 for the case when the object detection service is selected from the screen of FIG. 19. FIG. 33 is a flowchart illustrating a modified example of the verification processing, described above referring to FIG. 28 for the case when the object detection service is selected from the screen of FIG. 19.

Referring to FIG. 32, S221 is performed in a substantially similar manner as described above referring to S211 in FIG. 26. More specifically, the image processing unit 34 determines whether or not the authentication server ID included in the image recognition start request is an appropriate authentication server ID managed in the service program management table of FIG. 11D, in association with the service program (ProgD02 (object counting)), and executes the processing based on the determination result. As illustrated in FIG. 25, when the image processing unit 34 does not detect an object (in this case, a human face) at S204 (S221: NO), the image processing unit 34 determines whether or not a predetermined time (the cycle value that is set) has elapsed (S222). This operation repeats until the predetermined time has elapsed (S222: NO). When the predetermined time has elapsed (S222: YES), the operation returns to S221. On the other hand, when the image processing unit 34 detects an object (in this case, a human face) at S204 (S221: YES), the operation proceeds to S223. At S223, the image processing unit 34 determines whether the detected object is within a detection range (S223). When the coordinate (x, y) of the object detected by the image processing unit 34 is not within the detection range (within the left half of the image capturing area R1 in this case) (S223: NO), the operation proceeds to S222. On the other hand, when the coordinate (x, y) of the object detected by the image processing unit 34 is within the detection range (within the left half of the image capturing area R1 in this case) (S223: YES), the operation proceeds to S224. Here, the coordinate (x, y) of the object is represented by the width direction (x) and the height direction (y), with respect to the upper left of the entire captured image as an origin. Specifically, assuming that the width of the entire captured image is W, when the coordinate x is less than (W/2), the result at S223 is YES. When the coordinate x is equal to or greater than (W/2), the result at S223 is NO. Referring to FIG. 32, S224 and S225 are performed in a substantially similar manner as described above referring to S216 and S217 in FIG. 26.

Next, with reference to FIG. 33, the processing to be performed by the communication system 1 is described, in an example case in which the communication system 1 is applied to the surveillance camera system. The processing described above referring to S311 to S319 in FIG. 28 is performed, to obtain the degree of similarity between the data to be verified and the verification data.

After S319, the determiner 63 of the distributed data processing terminal 6 determines whether the maximum similarity read out at S319 is equal to or greater than a threshold (for example, the threshold is “0.5” in the case of “1” being an exact match) (S331). In this case, when the maximum similarity is less than the threshold value, the distributed data processing terminal 6 determines that the object (face) is unknown. Then, the display control 67 causes the display 517 of the distributed data processing terminal 6 to display the verification result message m3 in FIG. 30, with the verification result “unknown” (S332). In this case, the verification result message m3 does not display any name, as there is no person who is identified.

Next, when the distributed data processing terminal 6 determines the object as an unknown person (S333: YES), the storing and reading unit 69 increases the number of unknown persons, managed by the storage unit 6000, by one (S334). The transmitter and receiver 61 transmits, to the transmitter and receiver 71 of the centralized data processing server 7, one count indicating the unknown person, being managed by the storage unit 6000, and the date and time when the image of the unknown person is captured at the real-time data processing terminal 3 (S335). The transmitter and receiver 71 of the centralized data processing server 7 receives one count of unknown person and date and time when the image of unknown person is captured. The storing and reading unit 69 of the centralized data processing server 7 stores the number of unknown persons, which is increased by the one count, in association with the captured date and time (S336).

Referring back to S333, when the distributed data processing terminal 6 determines the object as known (S333: NO), the display control 67 controls the display 517 of the distributed data processing terminal 6 to display a message indicating that processing to determine whether the person who has entered is unknown ends (S337).

In this example, it is assumed that the date and time when the captured image is taken is also transmitted, when the captured image data is transmitted from the real-time data processing terminal 3 to the distributed data processing terminal 6 at S112 and S113 in FIG. 24. In alternative to the date and time when the captured image is taken, as illustrated in FIG. 24, the date and time at which the terminal data processing device 5 receives the captured image data at S112, or the date and time at which the terminal data processing device 5 transmits the captured image data at S113 may be used. Alternatively, the date and time when the distributed data processing terminal 6 receives the captured image data at S13 in FIG. 24 may be used.

Furthermore, before S112, the real-time data processing terminal 3 may transmit the location information indicating the location of the real-time data processing terminal 3 to the distributed data processing terminal 6 via the terminal data processing device 5. With this configuration, the distributed data processing terminal 6 can also transmit the location information at S335 with one count of unknown person, such that the centralized data processing server 7 is able to manage the one count of unknown person, the date and time when the image is captured, and the location information in association with one another, for later analysis. The centralized data processing server 7 may manage a terminal ID (identifier) for identifying the real-time data processing terminal 3 (or the image acquisition terminal 2) and location information indicating the location of the real-time data processing terminal 3 (or the image acquisition terminal 2), in association with each other. The distributed data processing terminal 6 may then transmit the terminal ID of the real-time data processing terminal 3 that captures the unknown person, in alternative to the location information, at S335. Accordingly, the centralized data processing server 7 can also manage the installation location of the distributed data processing terminal 6.

As described above, according to one or more embodiments described above, in performing a series of image processing on image data, the image acquisition terminal 2 of the communication system 1 executes various types of application programs that may be provided by the service providing server 8. More specifically, in performing a series of image processing to image data that is acquired, the image acquisition terminal 2 executes a first program that does not require authentication of a user to perform first image processing, and executes a second program that requires authentication of the user to perform second image processing. The user is, for example, a user who operates the distributed data processing terminal 6 that manages the image acquisition terminal 2. This reduces a time required for performing the series of image processing, as the first image processing can be started without authentication, while still considering the security as the second image processing is started based on authentication.

The second image processing, or the second program, is related to processing user-specific information that can identify the user, such as the object detection program or the object counting program described above.

As described above, as illustrated in FIG. 7, the real-time data processing terminal 3 extracts partial image data, which is data to be verified, from the captured image data using the image recognition application AP1. The terminal data processing device 5 transmits the partial image data to the distributed data processing terminal 6 using the communication application AP2. With this configuration, the processing load is distributed between the real-time data processing terminal 3 and the terminal data processing device 5. Accordingly, the real-time data processing terminal 3 is able to constantly repeat the real-time processing of capturing images, with the cycle time of 1/60 seconds. In particular, even when a plurality of real-time data processing terminals 3 are provided on the intranet 200, since the terminal data processing device 5 communicates with the distributed data processing terminal 6, each real-time data processing terminal 3 is able to constantly repeat the real-time processing of capturing images with the cycle time of 1/60 seconds without being interrupted by communication. Furthermore, the terminal data processing device 5 is located at a location that is physically close to the real-time data processing terminal 3 to establish one-to-one connection, compared with a physical distance between the real-time data processing terminal 3 and each one of the distributed data processing terminal 6 and the centralized data processing server 7. Accordingly, data can be transmitted at high speed, reducing a processing time for obtaining the verification result. In addition, even when the number of imaging elements changes due to different imaging units 40 as illustrated in FIG. 3, the image acquisition terminal 2 is not affected by the number of imaging units.

Since the real-time data processing terminal 3 outputs the partial image data, instead of the entire captured image data, a size (or an amount) of data to be transmitted from the image acquisition terminal 2 to the distributed data processing terminal 6 via the intranet 200 is sufficiently reduced. This sufficiently suppress the amount of data transmitted via the intranet 200 and the Internet 600. Furthermore, the real-time data processing terminal 3 encodes the partial image data into a compressed format, such that a size of data transmitted from the terminal data processing device 5 to the distributed data processing terminal 6 via the intranet 200 is further reduced.

When a plurality of human faces is detected, as illustrated in FIG. 27B, a message the requests to take a picture of one person is displayed. With this message, the real-time data processing terminal 3 processes a facial image of only one person at a time, thus improving the accuracy in face recognition to ensure the security.

As described above, in the object counting process, the centralized data processing server 7 requires only half the detection range of the object, compared to the case where the entire detection range of the object is subjected to detection. This further reduces frequencies in transmitting the partial image data from the terminal data processing device 5 to the centralized data processing server 7 via the distributed data processing terminal 6. Accordingly, an amount of data to be transmitted over the intranet 200 and the Internet 600 is further reduced.

Further, the number of unknown persons is stored in the centralized data processing server 7, which is accessible from the distributed data processing terminal 6 or the like, to allow an authorized user to check the number of unknown persons.

In any one or more of the above-described embodiments, any desired data other than the captured image data that has been captured with the imaging unit 40 may be processed, such as image data created by the user. That is, examples of image data to be processed include the captured image data and the image data created by the user. Alternatively, the image acquisition terminal 2, which is an example of a communication terminal, may generate image data rather than obtaining the image data from the outside. Further, the image acquisition terminal 2 may acquire data other than image data, such as audio data by collecting audio or even temperature data from a temperature sensor, or humidity data from a humidity sensor.

Further, any one of the CPUs 301, 501, and 701, etc. may be a single processor or a multiple processor. Similarly, any one of the image acquisition terminal 2, the distributed data processing terminal 6, and the centralized data processing server 7 may be implemented by one or more apparatus such as one or more computers. The distributed data processing terminal 6 may also operate as a server.

The above-described embodiments are illustrative and do not limit the present invention. Thus, numerous additional modifications and variations are possible in light of the above teachings. For example, elements and/or features of different illustrative embodiments may be combined with each other and/or substituted for each other within the scope of the present invention.

Each of the functions of the described embodiments may be implemented by one or more processing circuits or circuitry. Processing circuitry includes a programmed processor, as a processor includes circuitry. A processing circuit also includes devices such as an application specific integrated circuit (ASIC), digital signal processor (DSP), field programmable gate array (FPGA), System on Chip (SOC), and graphical processing unit (GPU), and conventional circuit components arranged to perform the recited functions.

The illustrated apparatuses are only illustrative of one of several computing environments for implementing the embodiments disclosed herein. For example, in some embodiments, any of the servers in the communication system 1 includes a plurality of computing devices, e.g., a server cluster, that are configured to communicate with each other over any type of communications link, including a network, a shared memory, etc. to collectively perform the processes disclosed herein.

Moreover, the service providing server 8 and the authentication server 9 can be configured to share the processing of authenticating the user in various combinations. That is, the illustrated elements of the service providing server 8 and the authentication server 9 can be combined into a single server apparatus, or divided between a plurality of machines in combinations other than that shown in any of the above-described figures. 

The invention claimed is:
 1. A communication system comprising: a communication terminal configured to obtain image data; and a service providing server configured to provide one or more services to the communication terminal, the communication terminal comprising circuitry configured to: receive a request for providing a service requested by a user, the service being one of the one or more services provided by the service providing server; and perform a series of image processing on the image data obtained at the communication terminal to implement the requested service in cooperation with the service providing server, the circuitry being configured to, in performing the series of image processing, execute a first program to perform first image processing on the image data, the first program requiring no authentication of the user in performing the first image processing; and execute a second program to perform second image processing on the image data, based on a result of authentication of the user indicating that the user requesting the service is authorized to perform the second image processing, wherein the communication system further comprises: one or more authentication servers each being configured to authenticate a user to authorize or not authorize to use corresponding one of the one or more services provided by the service providing server, wherein the service providing server is configured to: transmit a request for authenticating the user who has requested the service to corresponding one of the one or more authentication servers that authenticates the user to authorize use of the requested service; and receive a response including an authentication server identifier identifying the corresponding authentication server that has authenticated the user to authorize use of the requested service, wherein the authentication of the user for executing the second program is determined using the authentication server identifier that is included in the response.
 2. The communication system of claim 1, further comprising: a data processing terminal configured to remotely control the communication terminal according to a user operation, the data processing terminal being identified with a terminal identifier, wherein the service providing server transmits, with the request for authenticating the user, only a part of the terminal identifier subject for user authentication.
 3. The communication system of claim 2, wherein the data processing terminal is configured to control a display to display an image based on the image data applied with the series of image processing.
 4. The communication system of claim 1, wherein the one or more services provided by the service providing server includes at least one of a service to detect a specific object in the image data and a service to count a number of specific objects in the image data, wherein, when the service to detect a specific object is requested, the circuitry of the communication terminal executes an object detection program for detecting a specific object in the image data as the second program, and wherein, when the service to count a number of specific objects in the image data is requested, the circuitry of the communication terminal executes an object counting program for counting a number of specific objects in the image data.
 5. The communication system terminal of claim 1, wherein: the second image processing includes object detection processing.
 6. The image processing method of claim 1, wherein: the second image processing includes object counting processing.
 7. A communication terminal communicably connected with a service providing server, the communication terminal comprising: circuitry configured to: receive a request for providing a service requested by a user, the service being one of one or more services provided by the service providing server; and perform a series of image processing on image data obtained at the communication terminal to implement the requested service in cooperation with the service providing server, the circuitry being configured to, in performing the series of image processing, execute a first program to perform first image processing on the image data, the first program requiring no authentication of the user in performing the first image processing; and execute a second program to perform second image processing on the image data, based on a determination that the user requesting the service is authorized to perform the second image processing, wherein the first program includes at least one of an image acquisition program for acquiring the image data, an image composition program for combining a plurality of items of the image data, and a distortion correction program for correcting distortion of the image data, the communication terminal further comprising a memory configured to: store, for each one of one or more imaging units available for use to capture the image data, an identifier for identifying the imaging unit, a number of imaging elements in the imaging unit, and a lens type of the imaging unit, in association; and store, for each one of one or more first programs available for use, an identifier of the first program to be executed, in association with at least one of the number of imaging elements and the lens type of the imaging unit, wherein: the circuitry determines a number of imaging elements and a lens type of an imaging unit that captures the image data, using the identifier of the imaging unit obtained from the imaging unit, and executes the first program associated with at least one of the determined number of imaging elements and the determined lens type.
 8. The communication terminal of claim 7, further comprising: a memory configured to store an authentication server identifier identifying an authentication server that has authenticated a user who is authorized to use the requested service, wherein the request for providing a service includes an authentication server identifier, and the circuitry allows execution of the second program based on a determination that the authentication server identifier of the request matches the authentication server identifier stored in the memory.
 9. The communication terminal of claim 7, wherein the one or more services provided by the service providing server includes at least one of a service to detect a specific object in the image data and a service to count a number of specific objects in the image data, wherein, when the service to detect a specific object is requested, the circuitry executes an object detection program for detecting a specific object in the image data as the second program, and when the service to count a number of specific objects in the image data, the circuitry executes an object counting program for counting a number of specific objects in the image data.
 10. The communication terminal of claim 7, wherein, when the determined number of imaging elements included in the imaging unit indicates one, the circuitry executes a first image acquisition program for obtaining image data captured with a single imaging element as the first program, and wherein, when the determined number of imaging elements included in the imaging unit indicates more than one, the circuitry executes a second image acquisition program for obtaining a plurality of items of image data that are respectively captured with a plurality of imaging elements as the first program.
 11. The communication terminal of claim 7, wherein, when the lens type of the imaging unit indicates a wide-angle lens, the circuitry executes, as the first program, a first correction program for correcting distortion in the image data captured with the imaging unit having a wide-angle lens, and wherein, when the lens type of the imaging unit indicates a fish-eye lens, the circuitry executes, as the first program, a second correction program for correction distortion in the image data captured with the imaging unit having a fish-eye lens.
 12. The communication terminal of claim 7, wherein: the second image processing includes object counting processing.
 13. An image processing method, performed by a communication terminal communicably connected with a service providing server, the method comprising: receiving a request for providing a service requested by a user, the service being one of one or more services provided by the service providing server; and performing a series of image processing on image data obtained at the communication terminal to implement the requested service in cooperation with the service providing server, the step of performing the series of image processing including: executing a first program to perform first image processing on the image data, the first program requiring no authentication of the user in performing the first image processing; and executing a second program to perform second image processing on the image data, based on a determination that the user requesting the service is authorized to perform the second image processing, wherein the image processing method is used with one or more authentication servers each being configured to authenticate a user to authorize or not authorize to use corresponding one of the one or more services provided by the service providing server, the method further comprising, performed by the service providing server: transmitting a request for authenticating the user who has requested the service to corresponding one of the one or more authentication servers that authenticates the user to authorize use of the requested service; and receiving a response including an authentication server identifier identifying the corresponding authentication server that has authenticated the user to authorize use of the requested service, wherein the authentication of the user for executing the second program is determined using the authentication server identifier that is included in the response.
 14. The image processing method of claim 13, which is used with a data processing terminal configured to remotely control the communication terminal according to a user operation, the data processing terminal being identified with a terminal identifier, wherein the service providing server performs: transmitting, with the request for authenticating the user, only a part of the terminal identifier subject for user authentication.
 15. The image processing method of claim 14, wherein the data processing terminal performs: controlling a display to display an image based on the image data applied with the series of image processing.
 16. The image processing method of claim 13, wherein: the second image processing includes object counting processing. 